Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Penetration Testing & Threat Intelligence: Enhancing Cybersecurity | Interview with Sasa Jusic

14 snips

Dec 30, 2025

Sasa Jusic, a board member at Infigo IS with extensive cybersecurity experience, dives into the intricacies of penetration testing and threat intelligence. He explains how these two elements complement each other, highlighting the interplay of offensive and defensive security strategies. Sasa discusses important frameworks like DORA and ISO 27001 and shares critical insights on effective pen test preparation and executing successful reporting. He emphasizes the necessity of collaboration across teams and offers practical advice for optimizing threat intelligence within organizations.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

DORA Emphasizes Resilience Over Controls

DORA reframes regulations around resilience, not just security controls.
It merges IT operations and security testing into a single operational resilience concept.

INSIGHT

Red Teaming Simulates Stealthy Objectives

Red teaming targets specific high-value objectives and mimics stealthy adversaries.
It differs from generic pen tests by requiring avoidance of detection and careful planning.

ADVICE

Act On Findings And Validate Fixes

Prioritize remediation and track progress; follow-up testing validates fixes and ensures value.
Assign responsibility and allocate resources so findings don't linger unread.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode, host Dejan Kosutic interviews Sasa Jusic, a board member at Infigo IS and a cybersecurity expert. They delve deep into penetration testing and cyber threat intelligence, explaining their roles in enhancing cybersecurity. Learn about the differences between offensive and defensive security measures, the importance of DORA and ISO 27001 frameworks, the critical steps for preparing and executing successful penetration tests, and the elements of threat intelligence. Sasa also shares insights on the collaboration between IT and security teams, as well as the role of consultants in this evolving landscape.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Sasa Jusic
(01:41) - Penetration Testing and Threat Intelligence Relationship
(06:23) - DORA and Its Impact on Cybersecurity
(08:22) - Types of Penetration Testing
(10:33) - Preparing for a Successful Penetration Test
(13:07) - Reporting and Translating Technical Findings
(15:56) - Acting on Penetration Test Reports
(19:52) - Understanding Threat Intelligence
(22:11) - Tools for Threat Intelligence
(29:01) - Common Misconceptions About Threat Intelligence
(31:58) - Opportunities for Cybersecurity Consultants
(36:42) - Key Recommendations for Security Officers
(40:13) - Resources for Consultants